iPhone vulnerable to JavaScript exploit

The dangers of the Interweb are almost enough for me to go back to writing letters and sending telegrams to my loved ones—almost. You think browsing the net on your iPhone is safe and then wham—you get hit by a truck. Literally. Because you weren’t looking where you were going.

And then, of course, there are security concerns online too. The most recent? A JavaScript vulnerability in MobileSafari: malicious code placed on a website can cause the iPhone to kernel panic. It hasn’t been determined yet whether or not this could lead to remote code execution, but it’s theoretically possible, given the nature of the exploit. iPhone 1.1.2 and 1.1.3 are both listed as vulnerable, with the potential for earlier versions of the firmware to be at risk as well.

What can you do about it? At the moment, you can turn off JavaScript under Settings -> Safari, but that’s not a great solution, since any spiffy web apps that rely on it—read: most of them—won’t work in the meantime. Guess it’s just a matter of hoping that Apple will patch this soon, and making sure you trust the sites you go to.

[via Engadget]


Comments (3)

Unless this vicious code is embedded in macworld, CNN, fox, tvguide, macuser, wired, apple, google, ups, usps, Fedex, amazon, or the likes of those, I don't think I have too much to fear from this.

 

I would be curious to hear from ANYBODY who actually gets hit by this and perhaps share what site(s) were the culprit. I think a lot of these "scares" are so far-fetched and I typically pass it off as nothing more than fanfare.

However, if there were truly some iPhone users out there who can actually confirm this, then it would sure be nice to know the source of the malicious code.

As a current user of firmware 1.1.1 (I am waiting for something "real" from Apple before I un-hack my phone) I am sticking with a hacked iPhone and a plethora of very useful applications that I use on a daily basis under firmware 1.1.1.

 

There is already a JavaScript exploit called ImageMaker, from a UK company. The software basically has you set up a bookmarklet which points to their website which also contains JavaScript in the URL. You are instructed to save the bookmarklet with the site URL removed, leaving only the JavaScript. What does the software do? It allows you to collect images from the web so you can send them to your friends from your iPhone.

This is done without jailbreaking the iPhone, and opens up a whole new can of worms for having a malicious software exploit sitting on your springboard that is run when you select it.

A person could make a bookmark from an innocent looking URL, only to have it execute a virus, or some other type of malware that could wreak havoc with your iPhone.


David B. Alford

 
